Security News > 2020 > July

A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, were breached on Wednesday. Twitter said in an official statement: "We are aware of a security incident impacting accounts Twitter accounts. We are investigating and taking steps to fix it. We will update everyone shortly".

The Twitter accounts of Microsoft co-founder Bill Gates, Tesla CEO Elon Musk, and other celebrities were briefly taken over on Wednesday, along with the accounts of various cryptocurrency businesses and affiliated executives, to promote a Bitcoin scam. Twitter also silenced verified blue-tick accounts temporarily to prevent more abuse while it got to the bottom of the kerfuffle.

The official Twitter accounts of Apple, Elon Musk, Jeff Bezos and others were hijacked on Wednesday by scammers trying to dupe people into sending cryptocurrency bitcoin, in a massive hack. The list of accounts commandeered simultaneously grew rapidly to include Joe Biden, Barack Obama, Uber, Microsoft co-founder Bill Gates, bitcoin specialty firms and many others.

If anyone is well-positioned to flip a switch and solve the email security problem entirely, it would be Microsoft. In its 2020 State of Security report, it found that 96 percent of respondents used Microsoft 365 for email delivery.

A report released Wednesday by security provider Positive Technologies discusses the trends of ransomware attacks during the first quarter of 2020. For its "Cybersecurity Threatscape Report for Q1 2020," Positive Technologies found that more than a third of malware-based cyberattacks during the quarter were ransomware attacks.

Microsoft's desktop email client Outlook has stopped working worldwide for countless users, whether they are using it with an on-premises Exchange server or with the Office 365 cloud. As a workaround, users can utilize Outlook on the web or their mobile clients.

The good news for most of us, at least in terms of patching, is that this vulnerability only affects Windows servers, because the bug is in the Windows DNS server code, not in the Windows DNS client code. DNS servers often need to perform client-like functions, for example by passing on requests that they can't answer themselves to other servers that can, reading in the replies and reformatting them to reply to the original client request that came in.

Banking trojans, which steal online banking logins and other financial credentials from unsuspecting victims, are fairly common - but the more sophisticated examples are often pioneered in Brazil. The third family, Melcoz, has been active since 2018, and is known for malware that, like other banking trojans, steals passwords from browsers and the computer's memory; but it also includes a module for stealing Bitcoin wallets.

Chrome 84 was released in the stable channel this week with a total of 38 patches, but also with additional security improvements, including the rollout of a previously announced SameSite cookie change. The release of Chrome 84 resumes the gradual rollout of the protection.

Citrix on Wednesday denied claims that its systems have been breached and says the information being sold on the dark web actually comes from a third party and it's not very sensitive. Citrix has found no evidence that its systems have been compromised, and pointed out that hackers couldn't have moved from the third party's network to its own systems.